Description
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
A missing authorization flaw was found in Red Hat Satellite. This flaw allows a malicious local user to access MongoDB on the Satellite server and delete the pulp_database, leading to corruption in the Satellite database. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Statement
Red Hat Satellite should not be accessed locally by untrusted users, so this flaw is considered to have moderate impact only. Satellite is removing MongoDB support in future product releases. Public announcement: https://www.redhat.com/en/blog/red-hat-satellite-standardize-postgresql-backend
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Satellite 6 | satellite | Affected | | |
Additional information
Status:
7.8 High
CVSS3